IN THE CLAIMS

Please enter the following amendments to the claims. The amendments are believed to 
introduce no new matter. 

1. (Withdrawn) A method for authenticating network entities in a fibre channel
network, the method comprising:

receiving a fibre channel authentication message from a first network entity at a second
network entity in a fibre channel network, wherein the authentication message provides
information for authenticating or reauthenticating the first network entity in the fibre channel
network;

determining that both the first network entity and the second network entity support
security;

verifying that the first network entity corresponds to an entry in an authentication table
associated with the second network entity;

receiving first network entity verification information that confirms the identity of the
first network entity.

2. (Withdrawn) The method of claim 1, further comprising generating a session key at
the second network entity, wherein the session key is generated using public information
associated with the first network entity and a random parameter.

3. (Withdrawn) The method of claim 1, further comprising:

exchanging security association parameters such as the SPI and the algorithm identifier. 

4. (Withdrawn) The method of claim 1, wherein the authentication message is
associated with a request for a fabric login.

5. (Withdrawn) The method of claim 1, wherein determining that both the first and
second network entities support security comprises identifying a security enable parameter in
the initialization message.

6. (Withdrawn) The method of claim 1 further comprising determining which
authentication and key exchange protocol are supported by the two entities.

7. (Withdrawn) The method of claim 2, wherein the public information associated with
the first network entity is provided to the second network entity by the first network entity.

8. (Withdrawn) The method of claim 2, wherein the session key generated at the
second network entity is also generated at the first network entity using public information
associated with the second network entity and a random parameter provided by the second
network entity.

Application No.: 10/034,367

9. (Withdrawn) The method of claim 8, wherein the public information associated with
the second network entity is provided to the first network entity by the second network entity.

10. (Withdrawn) The method of claim 8, wherein first network entity verification
information is generated at the first network entity using public information associated with the
first and second network entities and the session key.

11. (Withdrawn) The method of claim 10, further comprising verifying that the first
network entity verification information received corresponds to verification information
generated at the second network entity using public information associated with the first and
second network entities and the session key.

12. (Withdrawn) The method of claim 11, further comprising transmitting second
network entity verification information to the first network entity, wherein the second network
entity verification information is generated at the second network entity using public
information associated with the first network entity, the first network entity verification
information, and the session key.

13. (Withdrawn) The method of claim 12, wherein the second network entity
verification information transmitted corresponds to second network entity verification
information generated at the first network entity using public information associated with the
first network entity, the first network entity verification information, and the session key.

14. (Withdrawn) The method of claim 8, wherein the second network entity is a
storage device in a storage area network.

15. (Withdrawn) The method of claim 8, wherein the first and second network entities
are domain controllers in a storage area network.

16. (Withdrawn) The method of claim 8, wherein the first and second network entities
are switches.

17. (Withdrawn) The method of claim 8, wherein the first network entity is a host.

18. (Withdrawn) The method of claim 17, wherein the second network entity is a
storage device.

19. (Withdrawn) The method of claim 8, wherein the authentication message is a fibre
channel authentication message.

20. (Withdrawn) The method of claim 19, wherein the authentication message is a
login message.

21. (Withdrawn) The method of claim 20, wherein the authentication message is a
PLOGI or FLOGI message.

22. (Withdrawn) The method of claim 8, further comprising:

storing security association information associated with the first network entity.

23. (Withdrawn) The method of claim 8, further comprising:

transporting security association information in the messages exchanged between the two
network entities.

24. (Withdrawn) The method of claim 22, wherein security association information
comprises an identifier associated with the first network entity and the session key.

25. (Withdrawn) The method of claim 24, wherein security association information
further comprises an encryption algorithm identifier and an authentication algorithm identifier.

26. (Original) A method for processing frames in a fibre channel network having a first
network entity and a second network entity, the method comprising:

receiving a frame at a first network entity from the second network entity in a fibre
channel network;

identifying a security control indicator in the frame from the second network entity;

determining that a security association identifier associated with the frame corresponds
to an entry in a security database;

decrypting the first portion of the frame by using algorithm information contained in
the entry in the security database.

27. (Original) The method of claim 26, wherein the entry in the security database was
created after a fibre channel network authentication sequence between the first and second
network entities.

28. (Original) The method of claim 27, wherein the first portion is decrypted using a
key contained in the entry in the security database.

29. (Original) The method of claim 27, wherein the first portion is encrypted using
DES, 3DES or AES.

30. (Original) The method of claim 27, further comprising:

recognizing that a second portion of the frame supports authentication;

using algorithm information contained in the entry in the security database to
authenticate the second portion of the frame.

31. (Original) The method of claim 30, wherein the second portion is authenticated
using MD5 or SHA1.

32. (Original) The method of claim 30, wherein the authentication sequence is a fibre
channel login sequence between the first and second network entities.

33. (Original) The method of claim 32, wherein the login sequence is a PLOGI or
FLOGI sequence.

34. (Original) The method of claim 32, wherein the first and second network entities
are domain controllers and the authentication sequence is a FC-CT sequence.

35. (Original) The method of claim 32, wherein the first and second network entities
are domain controllers and the authentication sequence is a SW_ILS sequence.

36. (Currently Amended) A method for transmitting encrypted frames in a fibre
channel network having a first network entity and a second network entity, the method
comprising:

identifying a fibre channel frame having a source corresponding to the first network
entity and a destination corresponding to the second network entity;

determining if the fibre channel frame corresponds to the selectors of an entry in a
security database;

encrypting a first portion of the fibre channel frame using key and algorithm
information associated with the entry in the security database;

providing a security control indicator in the fibre channel frame, wherein the security
control indicator specifies that the fibre channel frame is encrypted;

transmitting the fibre channel frame to the second network entity.

37. (Original) The method of claim 36, wherein the entry in the security database was
created after a fibre channel network authentication sequence between the first and second
network entities.

38. (Original) The method of claim 36, wherein the payload is encapsulated using the
Authentication Header protocol or the Encapsulating Security Payload protocol.

39. (Original) The method of claim 38, further comprising adding security information
to the header of the fibre channel frame.

40. (Original) The method of claim 37, wherein a first portion of the fibre channel
frame is encrypted using DES, 3DES, or AES.

41. (Original) The method of claim 37, wherein parameters in the header are
normalised prior to encrypting the first portion of the fibre channel frame.

42. (Original) The method of claim 41, wherein the payload is padded prior to
encrypting the first portion of the fibre channel frame.

43. (Original) The method of claim 37, further comprising:

computing authentication data using key and algorithm information as well as a second
portion of the fibre channel frame.

44. (Original) The method of claim 43, wherein authentication data is computed using
MD5 or SHA1.

45. (Original) The method of claim 43, wherein the authentication sequence is a fibre
channel login sequence between the first and second network entities.

46. (Original) The method of claim 45, wherein the login sequence is a PLOGI or
FLOGI sequence.

47. (Original) The method of claim 45, wherein the first and second network entities
are domain controllers and the authentication sequence is a FC-CT sequence or an SW_ILS
message.

48. (Currently Amended) An apparatus for transmitting encrypted frames in a fibre
channel network having a first network entity and a second network entity, the apparatus
comprising:

means for identifying a fibre channel frame having a source corresponding to the first
network entity and a destination corresponding to the second network entity;

means for determining if the fibre channel frame corresponds to the selectors of an
entry in a security database;

means for encrypting a first portion of the fibre channel frame using key and algorithm
information associated with the entry in the security database;

means for providing a security control indicator in the fibre channel frame, wherein the
security control indicator specifies that the fibre channel frame is encrypted;

means for transmitting the fibre channel frame to the second network entity.

49. (Original) The apparatus of claim 48, wherein the entry in the security database
was created after a fibre channel network authentication sequence between the first and second
network entities.

50. (Original) An apparatus for receiving encrypted frames in a fibre channel network
having a first network entity and a second network entity, the apparatus comprising:

means for identifying that the frame has been secured

means to lookup the security parameters in a security database that allow the
de-encapsulation of the frame

means to decrypt the eventually encrypted frame

means to verify that the message has been sent by the sender, and that has not been
tampered during its transmission.